MSE was disabled by a virus attack

Joined
Mar 8, 2009
Messages
5,063
Reaction score
1,185
Thumbs down for:
  • Microsoft Security Essentials
After receiving the virus I had no control of the system. Task manager would not open. Computer properties would not open. Every time I tried to open a system folder or app, I was presented with a message stating the app I was trying to use had been contaminated. At the same time there appeared to be an application scanning my computer that I had not seen before. During all of this I was also presented a less than authentic security message from the Taskbar stating my security had been compromised, and was asking me if I wanted to allow this scanning program access to do something (I don't remember what the exact phrase was).

Thumbs up for:
  • Safe Mode
  • CCleaner
  • Malwarebytes
  • System Restore Points
Not being a stranger to the way these attacks operate, I knew that I only had one option. Ignore all messages and re-boot into Safe Mode. Once in Safe Mode, I could then run cleaning programs. First I ran CCleaner then Malwarebytes. Running CCleaner first will remove the trash so that the malware scanner is not scanning anything that would not need to be scanned. After removing all trash from my system, I then performed a Recovery by falling back on a System Restore Point. Once I realized Safe Mode was my only option, I was back to business in a matter of 10 minutes.


While MSE has caught a few attempts in the past, this time one got through. I will still continue to support and use MSE because no anti-virus application is 100% effective.
 
Joined
Aug 23, 2010
Messages
66
Reaction score
12
That's one of the deficiencies of antimalware apps - they are reactive, and when they react, your system is compromised. And what were you doing to get infected?
 

Nibiru2012

Quick Scotty, beam me up!
Joined
Oct 27, 2009
Messages
4,955
Reaction score
1,302
There is a new malware "scanner" trojan out that mimics MSE and then suggests buying and downloading one of five suggested programs, which are junk to begin with.

In hindsight I should have posted a thread about it, but I didn't. I thought just about everyone here would catch it.

Although it sounds like what hit Cliff is not that scenario.
 
Joined
Mar 8, 2009
Messages
5,063
Reaction score
1,185
I was searching info on the movie "Iron Man 2" at that time. I cannot remember which site I received the virus from.

To be honest I was jumping from one site to another pretty quickly when things started happening, so I couldn't point to one specifically anyway.

My main goal here was to point out the procedure I used to remove the virus.

I know the same procedure will not work in every instance. However it will work in many situations where you find yourself with a virus. A lot of times you may only need to use a restore point and disk cleanup then removal of the virus. This time I did not have that option without booting to Safe Mode.
 

Ian

Administrator
Joined
Oct 17, 2008
Messages
3,484
Reaction score
632
Clifford, do you have Secunia PSI installed? It will scan for vulnerabilities in loads of applications, including the popular ones such as Flash / Adobe Reader etc... It's well worth installing to make sure you're fully patched. :)

Did anything come up during a scan after the system restore? I wonder if there are any remnants left behind. I occasionally use online scanners from ESet / McAfee just to double check that Kaspersky hasn't missed anything.

I run AVG and MSE no issues.
Are you running them both in real time mode? I suspect it may cause some performance and possibly detection issues if so - although there's no harm in running one real-time and one on demand :).
 
Joined
Mar 17, 2010
Messages
1,132
Reaction score
101
Both in real time and no, not any issues or slow down. Somewhere I was reading about MSE and it said how it was designed to be compatible with most other AV programs.
I think there are just so many variables with system set-ups and hardware etc that it's almost impossible to give a definitive yea or nay to anything. What works fine for one won't be right for someone else.
 

catilley1092

Win 7/Linux Mint Lover
Joined
Nov 13, 2009
Messages
3,507
Reaction score
563
I used to run MSE & Avast together in real time mode, I noticed no ill effects. When I setup the two, I had them avoid scanning the other one's files. This was when MSE had just arrived on the scene, yet to be proven, and I had used Avast for two years, with no problems.

In January of this year, when the popularity of MSE was rising, and proven, I uninstalled Avast from everything, except Win 2K, which MSE won't install on. Both are good AV's, but MSE leaves a smaller footprint, and offers complete protection. As I've already stated, I run Malwarebytes on all of my Windows OS's as my second line of defense.

However, a similar attack happened to me a few months ago, on Safari, but I didn't have the presence of mind that C_C had when he was attacked. I panicked instead. Probably because an attack that bad had never happened to me before. Hopefully, it won't happen again.

Cat
 

catilley1092

Win 7/Linux Mint Lover
Joined
Nov 13, 2009
Messages
3,507
Reaction score
563
You're right, it's not recommended, and I've never recommended it to anyone. I did it at my own risk. Actually, I didn't want to give up Avast until MSE proved itself, and in time it did.

BTW, I see that you're one of Leo's readers, too. He really knows his way around, and is a solid preacher of backing up your computer.

Cat
 
Joined
Mar 17, 2010
Messages
1,132
Reaction score
101
Running two active anti-virus programs in realtime is not recommended because of conflicts and performance - both want to be first to process and both use system resources.

http://ask-leo.com/can_i_run_more_t...am_antispyware_program_firewall_should_i.html

http://forums.cnet.com/5208-10149_102-0.html?threadID=116760


Like I said though, there is 'recommendation' and then there is real life. I'm not totally discounting your comments TM but I really don't think there are absolutes when Windows are concerned. Too many variables in both hardware, settings and programs installed.
I run (and have done so since I put MSE on my machine) AVG and MSE all the time, without conflicts, without issues and if there is a performance degradation it's not enough for me to be noticing it.
 
Joined
Mar 17, 2010
Messages
1,132
Reaction score
101
I'll have a play but like I said as it's not impacting on anything I'm doing I'm not worried. Back when I was having trouble with Carbonite backup I was trying various configurations of MSE no MSE AVG no AVG etc etc.. In the end it was all about the same.
If it ain't broke why fiddle with it I say.

P.S. So there is no confusion remember I'm still running XP.
 

catilley1092

Win 7/Linux Mint Lover
Joined
Nov 13, 2009
Messages
3,507
Reaction score
563
I agree, if it's not broken, why fix it? If you have a good security configuration on XP, stick with it. For me, the last couple of years of using XP Pro, prior to buying a computer with 7 preinstalled, all that I dealt with was viruses. If you have things under control, keep it that way.

Plus, a lot of new hardware still is XP backward compatible. The Kodak printer that I bought a couple of weeks ago works fine in XP.

Cat
 
Joined
Mar 17, 2010
Messages
1,132
Reaction score
101
Guess I must be doing something right. In all the yrs I've had PC's only once got a virus and that was because I was not paying attention in a chat room and clicked on a link without looking. The Anti-virus (full version) I was using at the time could not fix it and AVG free did, been with AVG ever since.
I doubt any two people's experiences are the same when it comes to using software, there are just too many variables. Seems the only thing we all agree on is CCleaner.
It will be interesting to see my experiences once I swap over to Win7. Might then change my views, we'll wait and see.
 
